Breaking: blog which exposed the Hamdania/Haditha incident is hacked

http://euphoricreality.com/ | 04/16/2008 | RaceBannon

[weegee]

As soon as you host it online, you have uploaded it “offsite” from your home. The provider has no backups of their network?

The provider has no responsibility for their network against hacked attacks?

[Fichori]

euphoriadev:

I noticed those screen shots show what appears to be Arabic.


A quick google search turned up this
(below is a firebug HTML copy/paste from the above link)

black.scorpion

Registered user # 13942
Your web site: http://www.13x17.org
Your e-mail address: amirianvahid@yahoo.com
Yahoo! Messenger ID: amirianvahid
MSN Messenger: vahid.amirian@hotmail.com
Location: IRAN

Signature:
:: Black Scorpion ::

User's current status: Off-line.

[ Send private message black.scorpion ]

Last 10 comments by black.scorpion:

Last 10 news submissions by black.scorpion:

The website of the 'black.scorpion' mentioned on hackinthebox.org seems to be entirely in Arabic.

So there are 4 major possibilities:

The person responsible is this 'black.scorpion' person
The person responsible is copying this 'black.scorpion' person
The person responsible is framing this 'black.scorpion' person
The 'black.scorpion' person is totally unrelated to the person who hacked your site.


So the question is, who would have a motive?

[freema]

[freema]

http://euphoricreality.com/

[freema]

ping

[freema]

Innocent until proven guilty; The Pendleton 8: We are not going down without a fight

[euphoriadev]

UPDATE: They did it again. I had the site half back to normal (although missing two years’ of posts), and they freaking did it again.

On my way to the day job now...no time to fix. GUess it’s gotta stay this way for a bit.

[RaceBannon]

TO ALL:

THIS IS A LIST FROM EUPHORIADEV AS TO WHAT WAS DONE AND WHO RECENTLY VISITEDD HER SITE. NOTE ALL THE MILITARY SITES THAT VISITED HER SITE RECENTLY

I had nightly backups on two servers. All are gone.

I had offsite backups. They are gone.

They got in all the way to the cpanel and deleted databases under two domains. I am currently working to try and get back into the site enough to fix it.

And no. I don’t think it was Islamics. Here’s a list of the recent hits on my site:

Oceanside California United States
gate23-sandiego.nmci.usmc.mil (138.162.140.53)

Oceanside California United States
gate25-sandiego.nmci.usmc.mil (138.162.140.55)

Halifax Nova Scotia Canada
iusr5.gov.ns.ca

Washington District Of Columbia United States
weppsb02.northropgrumman.com (155.104.37.18)

Washington District Of Columbia United States
70.106.14.174

Dhahran Ash Sharqiyah Saudi Arabia
166.87.170.50

Amman Jordan
86.108.92.154

Colorado Springs Colorado United States
fwcluster.mda.mil (140.32.120.188)

Halethorpe Maryland United States
firewall.arinc.com (144.243.4.2)

Montgomery Alabama United States
proxy.maxwell.af.mil (132.60.240.80)

Springfield Missouri United States
unassigned.fema.gov (71.252.64.50) FEMA.GOV

Gaithersburg Maryland United States
roanoke.ncsl.nist.gov (129.6.101.38) NIST

Gaithersburg Maryland United States
rhine.ncsl.nist.gov (129.6.101.11) NIST

Also entries from guildassociates.com. GO to that site.

Anyone who has ANY of my old material on the Pendleton 8, please email me asap. kit.lange@gmail.com

Thanks so much.

[Tribune7]

How did they access your offsite backups?

[tsmith130]

UPDATE: They did it again. I had the site half back to normal (although missing two years’ of posts), and they freaking did it again.

Anyway to tell who the last visit was from this time? If so, does it match any of the last visits from your previous list?

[usmcobra]

Amman Jordan
86.108.92.154

There’s your guy.

[PGalt]

Thanks for the ping. Interesting thread. Thanks to tech savvy FReepers. BUMP for tech savvy FReepers.

[armymarinemom]

My bet is on the Saudi or the Jordan addresses. The hack looks just like the rest of the Hackers work out there. If she can take a look at the raw access files it will tell her more than the c-panel’s last visits.

[RaceBannon]

If that’s really him,

[RaceBannon]

From a Freeper who can translate Arabic, this is what the graphic actually says

OK, I got you. It says the following:

“With the help of allah, this site has been hacked because it insulted our eminent messenger, posted images and made fun of our heroic Moujahdeen. May your hands be paralyzed wherever you are, allah damn you. Victory is for islam and the muslims.”

eminent messenger = mohammad.

[RaceBannon]

I am just curious how it gets around firewals and such! :)

[70th Division]

I found this read sad and fascinating at the same time. Although I don't pretend to understand all this I am totally impressed with the wisdom here. It is just so refreshing to see so many willing to help this person. All you people are just GRRR . . ATE! P.S. Hope they nail the dirt bag that did this. Mess with him good.

[usmcobra]

He’s a hacker, they aren’t afraid of being hacked since they know all the means of doing so....

Perhaps you should look into this as being part of some Jihadi interrorist attack designed to prevent the exoneration of our Marines and cause a wide spread loss of faith in the Corps, rather then some liberal military source stifling the evidence for much the same reason.

If this is some sort of new terrorist tactic attempting to ride a wave of discontent it won’t be the last.

[Velveeta]

ping

[Fichori]

"From a Freeper who can translate Arabic, this is what the graphic actually says"[excerpt]

I couldn't tell from your post if you were able to translate Arabic or if you knew someone who did.

Either way, can you [or whoever can knows Arabic] take a look at http://www.forum.13x17.org/ and give us a general idea of what its about?

Thanks.